Quick-hit artists

Published 12:00 am, Saturday, May 20, 2017

Police are on the lookout for “skimming” instruments that steal people’s financial information from cards used at automatic teller machines, gas pumps and other devices. “Gas-pump skimming has really taken off in Connecticut,” said Det. Mark Solomon of the Greenwich Police Department. less

Police are on the lookout for “skimming” instruments that steal people’s financial information from cards used at automatic teller machines, gas pumps and other devices. “Gas-pump skimming has really ... more

A Greenwich police detective, Mark Solomon, has been giving lectures and demonstrations to business leaders in the region on security lapses and ways to prevent them.

A Greenwich police detective, Mark Solomon, has been giving lectures and demonstrations to business leaders in the region on security lapses and ways to prevent them.

Photo: / Robert Marchant / Hearst Media

Image 3 of 3

Det. Mark Solomon of the Greenwich police department demonstrates some of the techniques used by cybercriminals to “skim” debit-card information at gas pumps.

Det. Mark Solomon of the Greenwich police department demonstrates some of the techniques used by cybercriminals to “skim” debit-card information at gas pumps.

Photo: / Robert Marchant / Hearst Media

Quick-hit artists

1 / 3

Back to Gallery

GREENWICH — Cybercrime is on the rise in Greenwich and across the region, and law-enforcement officials and private industry are forging new partnerships to stay one step ahead of criminals armed with a new array of tools to steal data and money.

As cybercriminals become increasingly hi-tech — using 3D printers, miniature electronic devices and advanced software programs — police agencies are seeking to make the public better aware of security lapses that can lead to major thefts at local gas stations or office complexes.

“It’s a cat-and-mouse game,” said Detective Mark Solomon of the Greenwich Police Department, a regional specialist in cybercrime who has ramped up a public education campaign with business and civic leaders in recent months to increase recognition of the problem.

“It’s the most rapidly evolving criminal activity out there,” Solomon said during a recent briefing at Greenwich police headquarters. “There hasn’t been a crime that has branched out this quickly — financial and cybercrime has exploded. ... You come up with better security, and four- to six-months later, they defeat it.”

The latest law enforcement initiative is looking to break up “skimming” operations, which use an electronic device to steal the data on a credit or debit card’s magnetic strip. Greenwich police found a skimmer device and a camera to capture debit card information two weeks ago, Solomon said. There have been “multiple” incidents of skimming in Greenwich over the years, and 30 incidents were reported in Connecticut in 2016, he said.

The current wave of cybercrime to hit the region, and Greenwich, is the theft of debit card information at gas pumps.

More Information

Security tips:

*Cover the PIN pad with a hand or envelope when entering digits.

*Manually inspect the card reader before inserting a card into the portal. If it’s loose or wiggles, it could be compromised.

*Use a different card to open the security door than the one used to make a withdrawal. The magnetic stripe on a credit card will usually open a door to an automated ATM vestibule.

*Look for anything out of the ordinary. Signs with misspellings or unusual sounding directives could mean a device has been hacked.

*Retail workers should be wary of attempts to distract them while a customer is preparing to use a debit card. Criminals can slip a “skimmer” onto a device in seconds, often with the aid of an accomplice.

“Gas pump skimming has really taken off in Connecticut,” said Solomon, who works with the Connecticut Financial Crime Task Force, based in New Haven.

Only about three inches in size, the devices are slipped into a gas pump and are impossible to detect from the outside.

“They’re purchased on the ‘dark net’ (the black market Internet),” he said. “Some of these devices are Bluetooth enabled, so they can be operated remotely. The bad guys will drive by, pull up and extract the data, and put it on a laptop. They don’t even have to get into the gas pump. And it’s not visible to the customer or the owner.”

The magnetic stripes on debit and credit cards are “1970s technology,” the detective said, and easy to hack. With information stolen from cards, the data can be applied to stolen gift cards to buy merchandise. Law enforcement is working with gas station operators to improve counter-measures like safety seals on the pumps, but there are costs involved.

Banks and automatic teller machines are also being targeted. Criminal gangs use 3D printers to create “overlays,” which look exactly like the portals in which a debit card is inserted.

“They’re pre-made overlays. They slap it on, and it captures the magnetic strip and the PIN. And it’s identical to the original face,” said Solomon.

In other cases, a small pinhole camera will capture a customer’s PIN and match it to a skimmer that collects the magnetic strip information, allowing criminals to make withdrawals from the person’s account.

Solomon said he advises consumers to shield their PIN numbers with a hand or envelope when they make a transaction. He says people can give a little tug or pull on the card reader to make sure it’s not a fake overlay.

The new computer chips installed on many new cards are helping to deter debit card cybercrime, but they’re not infallible. “It’s one of the better technologies out there, but it’s not perfect,” the detective said.

Who’s behind the cybercrime and skimming rings?

“Some of the time, it’s organized crime groups, 20 to 30 people. Other times, it’s more nomadic, just three or four,” said Solomon. “We’ve seen Armenian groups, Eastern European groups. We’ve also seen Cuban criminal organizations coming up from Florida. And homegrown.”

Stealing through fraudulent emails is another thriving criminal enterprise. Solomon said cybercriminals obtain email information and then attempt to dupe office workers into sending wire transfers or releasing personal identity materials. Law enforcement has been working with companies to ensure that big money transfers are only processed after “face-to-face or verbal confirmation,” Solomon said.

The “ransomware” hacks that caused major problems for hospitals, schools and businesses in Europe in recent days have not come to the U.S., but Solomon said similar initiatives have been carried out in Connecticut in prior years. Hackers wall off an organization’s data, or an individual’s laptop data, and then demand payment to release it. “It’s hard to crack, unfortunately,” the financial specialist said. “Backing up your files in multiple places — that’s important.”

A computer expert from Greenwich, Brian Desrosier, said he’s worked with a number of companies in the area whose data have been hacked and then extorted.

“The ransom keeps going up. Today it’s $2,000, tomorrow it’s $4,000, then $8,000 after that, and it goes up exponentially,” said Desrosier, president of Computer SuperCenter in Greenwich. He said small companies can be especially at risk given their lower security resources, and it can take months before they’re even aware they’ve been breached.

“It’s not a new phenomenon, it’s been going on for years,” the computer specialist said. He advises consumers and business-owners to back up all their data and use two passwords instead of one — “multifactor” authentication.

“And be very careful about clicking on emails when you don’t know how the sender is,” Desrosier said.